Many organizations have only a passing understanding of the scope of their application portfolios and how these assets are exposed to the Internet and other potentially dangerous networks. This puts them in a risky situation where they have an attack surface that is unknown and unmanaged, often resulting in serious vulnerabilities being exposed indefinitely. This presentation looks at several tools and methods that can be used to enumerate enterprise application assets – including web applications, mobile applications, and web services. The discussion covers several open source application asset identification tools and compares their effectiveness. Finally, a framework for ongoing application asset discovery and enumeration is presented so that security managers can embark on a structured program to characterize their risk exposure due to their enterprise attack surface.
Presenter Dan Cornell
As Chief Technology Officer and Principal at Denim Group, Dan leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is a globally recognized application security expert with over 15 years of experience architecting, developing and securing web-based software systems. Learn more about Dan>>
Follow Dan Cornell on Twitter: @danielcornell